Falhas do tipo CWE-80
551 resultadosCVE-2026-25006MEDIUMWordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2026-39625MEDIUMWordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2025-61583MEDIUMTS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handlingEPSS 0.2%CVE-2026-39629MEDIUMWordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2025-45286MEDIUMA cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafEPSS 0.2%CVE-2024-9147MEDIUMHTML Injection in Bna Informatics' PosPratikEPSS 0.2%CVE-2025-15058MEDIUMResponsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'EPSS 0.2%CVE-2025-66512MEDIUMNextcloud Server vulnerable to XSS in SVG images when opened outside of NextcloudEPSS 0.2%CVE-2025-31575MEDIUMWordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-14835HIGHWP Photo Album Plus <= 9.1.05.008 - Reflected Cross-Site ScriptingEPSS 0.2%CVE-2025-31326MEDIUMHTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)EPSS 0.2%CVE-2024-34398MEDIUMAn issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.EPSS 0.2%CVE-2026-25935HIGHVikunja Affected by XSS Via Task PreviewEPSS 0.2%CVE-2025-65924MEDIUMERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks in fields that are intended for plain text.EPSS 0.2%CVE-2025-49137HIGHHax CMS Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-59573MEDIUMWordPress Cozy Blocks Plugin <= 2.1.29 - Content Injection VulnerabilityEPSS 0.2%CVE-2025-31384HIGHWordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-20170MEDIUMA vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to cEPSS 0.2%CVE-2025-20267MEDIUMCisco Identity Services Stored Cross-Site Scripting VulnerabilityEPSS 0.2%CVE-2025-54346HIGHA Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.EPSS 0.2%